Hi Leigh,

> -----Original Message-----
> From: Leigh [mailto:lei...@gmail.com]
> Sent: Tuesday, October 27, 2015 10:37 AM
> To: Anatol Belski <anatol....@belski.net>
> Cc: Leigh <le...@php.net>; php-...@lists.php.net; PHP Internals
> <internals@lists.php.net>
> Subject: [PHP-DEV] Re: [PHP-CVS] com php-src: Remove arc4random:
> ext/standard/config.m4 ext/standard/random.c
> 
> Hi Anatol,
> 
> On 26 October 2015 at 21:58, Anatol Belski <anatol....@belski.net> wrote:
> 
> > Which discussions do you mean, could you please link to them? The one
> > I remember right now is https://github.com/php/php-src/pull/1513 , but
> > there's actually no obvious conclusion. Removing arc4random is quite a
> > radical move, but OpenBSD and NetBSD could still profit from not using
> > /dev/urandom and it would cost just extending the macro condition.
> >
> > Thanks
> >
> > Anatol
> >
> There have been a lot of small discussions in the past 6 months in
> various places, I cannot link to all of them. Most recently
> https://bugs.php.net/bug.php?id=70744 which created an offline discussion
> between myself, Tom W and Anthony F.
> 
Thanks for the explanations, ofc the offline discussions are hard to link :)
Just that they're not visible to a wide range of people.

> There have been pro and con discussions, but in the interest of security the cons
> weigh more heavily.
> 
> The biggest con is that arc4random has been around for a long time, and
> different platforms/versions have implementations that range anywhere
> between very flawed and very strong. We cannot guarantee cryptographic
> quality on all platforms.
> 
> We could conditionally include it on platforms where WE think it is secure (this
> extends beyond the use of ChaCha20 - which there hasn't been much public
> cryptanalysis on at all). At present it looks like the only OSes to implement the
That's not quite true about ChaCha, at least when reading this
http://ianix.com/pub/chacha-deployment.html. It seems to have been used in the
industry for some time already. Of course, even that many people can be wrong,
too.

> whole security model correctly (i.e. zeroing state on fork, killing process if
> entropy could not be obtained from the kernel, etc.) are OpenBSD 5.5+ and
> NetBSD 7
> 
Yeah, I was only talking about those two OS versions that are known for sure to
have proper implementations. Even if that is a smaller community than f.e. Linux,
IMHO there is no reason to handicap those users, especially as the corresponding
code is present and would need just a condition to be extended. It's not that
anyone would judge what is secure; it is based on the fact that ChaCha is already
used, is being widely adopted and there's no evidence of any flaws. Probably when
it is implemented in more places like other more popular BSD and Solaris forks,
we'll see some patches to PHP anyway.

Regards

Anatol
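The two properties Leigh lists for a "whole security model" (zeroing state on fork, killing the process when the kernel gives no entropy) can be shown concretely; the C below is an added example, not code from php-src or from any arc4random implementation named in this thread. The generator is a toy keyed counter standing in for the real keyed state, and the getpid() comparison is one hypothetical fork guard chosen for brevity.

```c
#include <stdint.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/wait.h>

/* Toy generator (keyed counter, NOT a real cipher) standing in for
 * arc4random's keyed state, to show what fork() does to that state. */
struct rng { uint64_t key, ctr; pid_t owner; };

/* Seed from the kernel. Fail closed: -1 means the generator must not be used. */
static int rng_seed(struct rng *r, const char *source) {
    int fd = open(source, O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = read(fd, &r->key, sizeof r->key);
    close(fd);
    if (n != (ssize_t)sizeof r->key) return -1;
    r->ctr = 0; r->owner = getpid(); return 0;
}
static int seed_available(const char *source) { struct rng r; return rng_seed(&r, source); }

/* Next word. With fork_safe, a pid change (we are a forked child) zeroes the
 * inherited state and reseeds; otherwise parent and child replay the same
 * key/counter. The pid check is the simplest guard; production code also uses
 * pthread_atfork or wipe-on-fork memory, since pids can be reused. */
static uint64_t rng_next(struct rng *r, int fork_safe, const char *source) {
    if (fork_safe && r->owner != getpid()) {
        *r = (struct rng){0};
        if (rng_seed(r, source) != 0) abort();  /* no entropy: kill the process */
    }
    return (r->key ^ ++r->ctr) * 0x9E3779B97F4A7C15ULL;
}

/* Fork with a seeded generator; parent and child each draw one word.
 * Returns 1 if the words collide, 0 if they differ, -1 on a system error. */
static int outputs_collide_after_fork(int fork_safe) {
    struct rng r; int fds[2];
    if (rng_seed(&r, "/dev/urandom") != 0 || pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {  /* child: draw one word, hand it to the parent, exit */
        uint64_t v = rng_next(&r, fork_safe, "/dev/urandom");
        _exit(write(fds[1], &v, sizeof v) == (ssize_t)sizeof v ? 0 : 1);
    }
    uint64_t parent = rng_next(&r, fork_safe, "/dev/urandom"), child = 0;
    ssize_t got = read(fds[0], &child, sizeof child);
    waitpid(pid, NULL, 0);
    close(fds[0]); close(fds[1]);
    return got == (ssize_t)sizeof child ? parent == child : -1;
}
```

Without the guard the forked child emits exactly the word the parent emits next; with it the two diverge, and a generator that cannot reach the kernel source refuses to start instead of running unseeded.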


--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
